Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-users] Securing local filesystem access for Condor on Windows
- Date: Wed, 22 Nov 2006 12:27:00 +0000
- From: Patrick Townsend <patrick.townsend@xxxxxxxxxxxxx>
- Subject: [Condor-users] Securing local filesystem access for Condor on Windows
Hi
Is it possible to restrict the access to the local filesystem that the
Condor-reuse-vm1 account has when running a job on a Windows client?
The account condor-reuse-vm1 is added to the Windows local group Users. By
default members of this group have R access to most of the local
filesystem. This has obvious security implications as a job can hoover up
data from the running node's local filesystem.
We are running Condor v6.6.11. I can think of three ways round this, but am
unclear which is best and what may get broken. Has anyone tried these or
can offer advice on what is the best way forward?
1) Remove account condor-reuse-vm1 from local group Users.
2) Change file perms to deny access to local filesystem outside sandbox
directory d:\condor\execute\.
3) Does Condor have a feature which could help in this case?
regards
Patrick.
---------------------------------------------------
Patrick Townsend - Computer Systems Officer.
University of Bristol.